The present invention relates in general to flash memories and in particular to flash memories used for secured data applications.
A number of new applications for electronic devices have emerged during the last several decades. Many of these include need for security of information stored in the electronic devices.
Some, such as automated bank teller machines, employ encryption engines, which may be compatible with the Data Encryption Standard (xe2x80x9cDESxe2x80x9d) published by the U.S. Government. Others, such as secure telephone units, use a public key algorithm to exchange cipher keys that are then employed together with encryption techniques providing high enough data throughput. to allow real-time voice or data communication. These technologies do not lend themselves to pocket-, purse- or wallet-portable consumer applications and may be of limited geographic use due to export restrictions.
xe2x80x9cSmart cardsxe2x80x9d containing electronic circuitry are becoming increasingly popular as a way of transferring funds in exchange for goods or services. In some instances, a memory integrated circuit within the smart card is credited with a balance when funds are deposited, and the balance is decremented as the card is used while a credit is given in a separate account. In other instances, the card operates more as a debit or credit card, providing information that is then used to alter balances in two or more accounts external to the card. In either case, the owners of the card or the accounts or both have vested interests in the integrity of whatever system is used to safeguard the financial interests of the rightful owner of the affected funds, balances or accounts.
Different kinds of systems can be employed for verification of a user""s identity for authentication of a transaction. In those systems where the user supplies some form of data (e.g., PIN), and the data is sufficient to provide access to something in which the user has a property interest, it is important to safeguard the data itself.
Numerous examples of electronic theft based on unauthorized use of identification codes exist. In many cases, people have had their telephone cards numbers and PINs observed while using a public telephone. The observer then places calls using the stolen data. Sophisticated thieves have picked cellular telephone identification codes from cellular telephone transmissions and then encoded semiconductor memory integrated circuits with the stolen codes, put the memory integrated circuits into cellular telephones and sold the telephones.
Requiring the user to enter a PIN via some publicly-accessible medium thus can present substantial security risks. Additionally, requiring the user to memorize and repeatedly provide a PIN presents noticeable nuisance value to the user. One approach to ensuring that the user of a given financial instrument is authorized to do so is to unobtrusively read an immutable or nearly-immutable physical characteristic of the user that also provides unique identification of that user contemporaneously with use of the instrument. However, data corresponding to the identifying characteristic then must be stored in some portion of the system that the instrument interacts with. When these data are read out from either the instrument or the system and then used to falsely authenticate a transaction, system security is compromised. Systems in which this can occur are likely to meet substantial marketplace challenges and are unlikely to win consumer confidence and market acceptance.
Enablement of a high degree of user autonomy is a highly desirable characteristic in many consumer instruments. As a result, portability coupled with widespread acceptance of the consumer instrument are strongly preferred. At the same time, both real-time operation and a high degree of data security are important characteristics.
In one aspect, the present invention is capable of providing the security of fingerprint recognition together with the convenience of smart cards as a way of enabling transactions across a variety of consumer markets, together with permitting high geographic diversity. The manner in which the fingerprint recognition is carried out does not permit probing of a memory storing reference fingerprint data, and the binary nature of the output data does not permit information regarding the stored reference fingerprint data to be determined from a xe2x80x9ctrial and errorxe2x80x9d approach. In one aspect, the fingerprint recognition hardware disables or destroys access to the smart card portion of the invention when a predetermined number of unsuccessful attempts to enable the card for use have been attempted. Access to the stored fingerprint data may be disabled or destroyed in addition to or as an alternative to disabling or destroying access to the smart card portion of the invention.